Win32/Exploit.MSWord.Smtag trojan

A large MS Word (Office 2003, SP 3) document that I work on regularly appears to have been infected with a trojan this morning.  I'm running ESET / NOD32 (v3217 (20080625)).  This was the NOD32 warning:

Time      Module      Object      Name      Threat      Action      User      Information
6/25/2008 9:48:59 AM      AMON      file      <full path> a variant of Win32/Exploit.MSWord.Smtag trojan <machine name>\jdana      Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

NOD32 was unable to clean the file.  The error message simply reads, "Unable to clean."

Here's the interesting twist: The file was reported infected after the 3217 update.  The 3218 update arrived minutes ago, and suddenly NOD32 reports the file is clean.  Was I looking at a "false positive" from NOD32?   Is there an online tool I can use to verify the file is, in fact, clean?
jdanaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IndiGenusCommented:
Yes sounds like it was a false positive. To make sure you could upload the file to one of the online scanners. It will be scanned by almost every engine out there....

Go to http://virusscan.jotti.org, click on Browse, and upload the file for analysis:

If Jotti is too busy you can try these.

http://www.kaspersky.com/scanforvirus.html
http://www.virustotal.com/en/indexf.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vbuckjrCommented:
This is a false positive they had a bad signature file go out in 3217 have corrected it with the 3218 update, you can follow this link to a discussion of this problem.

http://www.wilderssecurity.com/showthread.php?p=1268309



0
Bene007Commented:
The proposal is quite correct.
I installed on the 25 of june, the version 3218 (now it is still 3221!) and i get no more false positive !
But, I have to tell you that the 25 opf june the option scan and clean 've deleted some old Word Files !
The option in the action tab doesn't explain that.
Benedicte
0
jdanaAuthor Commented:
Sure enough, the "shadow" trojan vanished with the update.  Thanks for the assistance.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.